The first name after the word SOA is `MNAME`, the name server that is authoritative for the zone -- e.g., the name of your name server itself.

The second name, `RNAME`, looks like a domain name but isn't. It's the string you get if you replace the "@" character with "." in the email address of the person responsible for the zone. (Hopefully your email address doesn't have a "." before the "@".)

For both of these names (and others in zone files) the zone name itself is implicitly appended unless the name ends in a period: `foo` means `foo.example.com`, while `foo.` means `foo`. A common mistake is to write `foo.example.com`, which bind publishes to the world as `foo.example.com.example.com`, when you should have written `foo.example.com.`.
The parentheses allow you to write a resource record that spans multiple lines in your text file. One of the examples you supplied puts the opening parenthesis between the `MNAME` and the `RNAME`, while the other puts it after the `RNAME`, but there's no functional difference.
"IN" specifies the "internet" class, which is the default, so you can leave it out.
Recommended grammar: Follow the wikipedia example and use a tool like `dig` or `dnsq` to show what your name server is actually telling the world, instead of spending too much effort second-guessing how bind is parsing your zone file.
Precise grammar: BIND source code. (Only if you're really trying to be pedantic -- not necessary if you're just trying to make your zone file work.)
Official grammar (or at least the internet equivalent of official):
Every zone should have an SOA. If you serve that zone ("authoritative" or not) you should have an SOA along with all the other records in the zone. Practically speaking, if you're writing a zone file, put an SOA in there -- and if you're copying the entire zone file from someone else, you'll get the SOA that way, so you don't need to worry about it.
PostgreSQL, at least under the default PowerDNS table schema, is case sensitive. PowerDNS lowercases all queries. So, make sure to always lowercase your names.
Best Answer
From RFC 1033, one of the core DNS RFCs (the DNS Wikipedia page has a nice list):
The Start Of Authority record designates the start of a zone. The zone ends at the next SOA record.

<name> is the name of the zone. (Comment: typically the domain name, example.com or office.example.com)

<origin> is the name of the host on which the master zone file resides. (Comment: the primary name server)

<person> is a mailbox for the person responsible for the zone. It is formatted like a mailing address but the at-sign that normally separates the user from the host name is replaced with a dot. (Comment: hostmaster@office.example.com becomes hostmaster.office.example.com)

<serial> is the version number of the zone file. It should be incremented anytime a change is made to data in the zone. (Comment: common is a timestamp-like string, yyyymmdd(hhmm))

<refresh> is how long, in seconds, a secondary name server is to check with the primary name server to see if an update is needed. A good value here would be one hour (3600).

<retry> is how long, in seconds, a secondary name server is to retry after a failure to check for a refresh. A good value here would be 10 minutes (600).

<expire> is the upper limit, in seconds, that a secondary name server is to use the data before it expires for lack of getting a refresh. You want this to be rather large, and a nice value is 3600000, about 42 days.

<minimum> is the minimum number of seconds to be used for TTL value in RRs. A minimum of at least a day is a good value here (86400).

There should only be one SOA record per zone. A sample SOA record would look something like:
The SOA records can be fitted on a single line.
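As an added example (not from the question, either answer, or RFC 1033), here is a small Python parser that applies the rules both answers describe: it joins a parenthesised multi-line SOA record, strips `;` comments, appends the origin to names without a trailing dot, turns the RNAME back into an email address, and flags the doubled-origin mistake along with timer values that cannot work together. The origin, the sample record and the sanity thresholds are constructed for illustration.

```python
import re

# Constructed sample (not from the question or RFC 1033). The MNAME lacks its trailing
# dot on purpose, so the origin gets appended to it a second time, the mistake noted above.
ORIGIN = "example.com."
SAMPLE = """@   IN  SOA  ns1.example.com  hostmaster.example.com. (
        2024010101 ; serial, yyyymmddnn
        3600       ; refresh
        600        ; retry
        3600000    ; expire
        86400 )    ; minimum
"""

def qualify(name, origin):
    """Zone-file rule: '@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def rname_to_email(rname):
    """Undo the RNAME encoding: the first label is the user, the rest is the host.
    A backslash-escaped dot inside the user part (RFC 1035 syntax) is kept as a dot."""
    labels = re.split(r"(?<!\\)\.", rname.rstrip("."))
    return labels[0].replace("\\.", ".") + "@" + ".".join(labels[1:])

def parse_soa(text, origin):
    """Parse a single SOA RR; parentheses let it span lines, ';' starts a comment."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    if tokens[1].upper() == "IN":  # the class defaults to IN and may be omitted
        del tokens[1]
    owner, rtype, mname, rname, *nums = tokens
    if rtype.upper() != "SOA" or len(nums) != 5:
        raise ValueError("not a well-formed SOA record")
    serial, refresh, retry, expire, minimum = map(int, nums)
    return {"owner": qualify(owner, origin), "mname": qualify(mname, origin),
            "rname": qualify(rname, origin), "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}

def lint_soa(soa, origin):
    """Flag the doubled-origin mistake and timer values that cannot work together."""
    problems = []
    for field in ("mname", "rname"):
        if soa[field].endswith("." + origin + origin):
            problems.append(f"{field} {soa[field]} has the origin appended twice")
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        problems.append("expire must outlast refresh or secondaries drop the zone")
    return problems
```

Running `lint_soa(parse_soa(SAMPLE, ORIGIN), ORIGIN)` reports the MNAME as `ns1.example.com.example.com.`, which is exactly what a server would publish for the sample above; comparing that output against `dig SOA example.com` on the live server is the check the earlier answer recommends.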